Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Fri,  9 Sep 2016 13:41:08 -0400 (EDT)
From: cve-assign@...re.org
To: ago@...too.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: ettercap: etterlog: multiple crashes

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Basically, the tool should read what you capture with YOUR ettercap, but since
> ettercap is one of the valid tools for MITM, there are dozens of blog post
> about how to use it, so there could be posts where malicious users make
> available crafted datafile to show something.
> 
> Details:
> https://blogs.gentoo.org/ago/2016/09/06/ettercap-etterlog-multiple-three-heap-based-buffer-overflow-el_profiles-c/
> 
> https://blogs.gentoo.org/ago/2016/09/09/ettercap-etterlog-null-pointer-dereference-in-fingerprint_search-ec_fingerprint-c/

These are crashes of a command-line program, not a program that is
supposed to continue running to handle a series of inputs. No write
access is reported. Also, running etterlog on an arbitrary
attacker-modified .ecp or .eci file probably would occur very rarely.

The "(three) heap-based buffer overflow" report is exclusively about
"AddressSanitizer: heap-buffer-overflow ... READ." It's apparently
about an attacker who fuzzes a file so that an IP address-length field
is a large number rather than, for example, 4 or 32. A memcmp reads
out-of-bounds data but the flow of control isn't altered. Also, this
happens in the etterlog source code (utils/etterlog/el_profiles.c),
not in library code that might be used in other applications.

We feel that these crashes are just an inconvenience, not a security
risk, and there are no CVE IDs at this time.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJX0vOmAAoJEHb/MwWLVhi2ImQP/iRxxu9CbxT/TCTi1OK83Zzl
2gEwUhdrwMgYif9A5baHjQNcVgj/L6djdku6//6KL1WczXodGTbh+SD+bgZM4Yqm
2zR9+4jGn11PerC/7/Zs0arZSPBYwgo30gFvo4/UA1AOb+Z8dWJYl0vLGPfaS1Pa
tlW2+ZkCwjMmpeR70+u915X+r2vmi/ELtnvIdDD+51xOS2St+ts4yIOOzEP8ju0A
wghxGl+9m1Mzj8Ky5A6l2TPEuNrVGDP2GjIdbpc26ne6Kt8Xe/Sm1nYaWAogZKAv
dfCvK84ReBaX0xBxsJMYk32+XP57xOWEyg1CKYH36ZGLszTwru7MuiUtv1L4aHZ2
dqusZYwHdYSjB8cewZLf+QlbnqgTvt24g+Iw/F2J/fCi3QuwqWOABTvK4odWXMwS
r7gL5DRMMWMs8zZkhDT1+C4hygl3cCIa8iGHUzPEjT3VZl7K9rlc1pGGEM23+GmR
7ac74iOy3FYJFEev4Ko9IDaJqv6nxOQLVuuEaSFH27WAJPQ54e3xkQ39m6wz2fFT
/hqEEONrzyyxcuErHyDzj+qQM1P/iBTmwMVsUVav9tcR3jKCWJi/bd4KsMeX0bKb
YQe7ZkjTYHVR5CMNsh0aPJwjWVAZXOHdE2NcpBpagheV0+4P6hcwx2NKPJwgLmu1
B1w0CaBwAR1ftKSN4Npm
=fytj
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.